I think I recall an explicit statement somewhere from an interview with
Robert that the worm was inspired partly by Shockwave Rider.

I confess my immediate reaction to the worm was uncontrollable laughter.
I was out of town when it happened, so I first heard it from a newspaper
article (and wasn't caught up in fighting it or I'd have laughed a lot
less, of course); and it seemed to me hilarious when I read that Robert
was behind it.  He had interned with 1127 for a few summers while I was
there, so I knew him as very bright but often a bit careless about
details; that seemed an exact match for the worm.

My longer-term reaction was to completely drop my sloppy old habit
(common in those days not just in my code but in that of many others)
of ignoring possible buffer overflows.  I find it mind-boggling that
people still make that mistake; it has been literal decades since the
lesson was rubbed in our community's collective noses.  I am very
disappointed that programming education seems not to care enough about
this sort of thing, even today.

Norman Wilson
Toronto ON
On Tue, 12 Nov 2019, Norman Wilson wrote:

> I think I recall an explicit statement somewhere from an interview with
> Robert that the worm was inspired partly by Shockwave Rider.

Yes, I noticed the similarity too.

> I confess my immediate reaction to the worm was uncontrollable laughter.
> I was out of town when it happened, so I first heard it from a newspaper
> article (and wasn't caught up in fighting it or I'd have laughed a lot
> less, of course); and it seemed to me hilarious when I read that Robert
> was behind it.  He had interned with 1127 for a few summers while I was
> there, so I knew him as very bright but often a bit careless about
> details; that seemed an exact match for the worm.

That was the trouble; had he bothered to test it on a private network (as
if a true professional would even consider carrying out such an act)[*]
he would've noticed that his probability calculations were arse-backwards,
and so it spread much faster than it "should" have.

> My longer-term reaction was to completely drop my sloppy old habit
> (common in those days not just in my code but in that of many others) of
> ignoring possible buffer overflows.  I find it mind-boggling that people
> still make that mistake; it has been literal decades since the lesson
> was rubbed in our community's collective noses.  I am very disappointed
> that programming education seems not to care enough about this sort of
> thing, even today.

Yep.  Don't use fixed-length buffers unless you *know* that they will not
overflow (i.e. the data is under your control), and don't trust user input
(especially if the reader is an interpreter with the possibility of
spawning a shell); there are of course others.

This is what you get when people call themselves programmers because they
once took a course in programming or read a book; that's like calling
oneself a doctor because you took a first-aid course...

One of my favourite examples is "Barbie the Computer Engineer" (grep the
net for it, but warning: the title contains a naughty word).  Oh, OK;
here's a sanitised URL:

    http://www.gizmodo.com.au/2014/11/barbie-fks-it-up-again/

Yes, that really is the URL; I've just tested it (but contents may offend
some viewers; you have been warned).

[*] And for those who slagged me off for calling him an idiot, try this
quick quiz: on a scale from utter moron to sheer genius, what do you call
someone who deliberately releases untested software designed to compromise
machines that are not under his administrative control in order to make
some sort of a point?  I don't know about other countries, but try that
in Australia and you'd be seriously out of pocket and/or doing porridge.

-- Dave (BSc, majoring in Computer Science and Mathematics)
On Tue, 12 Nov 2019 15:56:15 -0500 Norman Wilson <norman@oclsc.org> wrote:
>
> My longer-term reaction was to completely drop my sloppy
> old habit (common in those days not just in my code but in
> that of many others) of ignoring possible buffer overflows.
> I find it mind-boggling that people still make that mistake;
> it has been literal decades since the lesson was rubbed in
> our community's collective noses. I am very disappointed
> that programming education seems not to care enough about
> this sort of thing, even today.
Unfortunately strcpy & other buffer overflow friendly
functions are still present in the C standard (I am looking at
n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?
On Tue, Nov 12, 2019 at 02:10:46PM -0800, Bakul Shah wrote:
> Unfortunately strcpy & other buffer overflow friendly
> functions are still present in the C standard (I am looking at
> n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?

Someone needs to do Strcpy() etc. that have the length in the
first byte[s] of the string.
--
---
Larry McVoy            lm at mcvoy.com            http://www.mcvoy.com/lm
Oh please no. One of the things we've hopefully all learned from Pascal
is that length-prefixed strings suck because you can't perform anything
useful without copying the entire string. Rob Pike and friends showed
how to get strings and vectors right in the Go language where you have a
builtin slice type which is essentially a structure
	struct slice(type) {
		type	*data;
		size_t	 len, cap;
	};
where data points to a buffer, len is the length of meaningful data in
that buffer and cap is the total buffer size. This allows the language
to take subslices and to append to existing slices without requiring
copies in most cases. If a copy is necessary, the runtime can allocate
a slightly larger buffer in advance to allow for appending in amortised
linear time.
Overall, much more versatile than Pascal strings.
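A rough C sketch of the same idea, purely for illustration (the field
names, the doubling policy, and the helper functions below are invented;
this is not how Go's runtime actually implements slices):

	#include <stdlib.h>
	#include <string.h>

	/* A byte slice: a view into a buffer plus how much of it is in use. */
	struct slice {
		char   *data;	/* start of the underlying buffer      */
		size_t  len;	/* bytes currently in use               */
		size_t  cap;	/* total bytes available in the buffer  */
	};

	/* Append n bytes, growing the buffer geometrically so repeated
	 * appends run in amortised linear time.  Returns 0 on success. */
	static int
	slice_append(struct slice *s, const char *src, size_t n)
	{
		if (s->len + n > s->cap) {
			size_t newcap = s->cap ? s->cap : 16;
			char *p;

			while (newcap < s->len + n)
				newcap *= 2;
			p = realloc(s->data, newcap);
			if (p == NULL)
				return -1;
			s->data = p;
			s->cap = newcap;
		}
		memcpy(s->data + s->len, src, n);
		s->len += n;
		return 0;
	}

	/* Taking a subslice is just arithmetic; no copy is made. */
	static struct slice
	subslice(struct slice s, size_t lo, size_t hi)
	{
		struct slice t = { s.data + lo, hi - lo, s.cap - lo };
		return t;
	}

Append stays cheap because the buffer only reallocates when it doubles,
and subslicing is pointer arithmetic, so no copying is needed.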
But let's get back to the topic, after all I promised not to flame as
much as Jörg did.
Yours,
Robert Clausecker
On Tue, Nov 12, 2019 at 02:14:18PM -0800, Larry McVoy wrote:
> On Tue, Nov 12, 2019 at 02:10:46PM -0800, Bakul Shah wrote:
> > On Tue, 12 Nov 2019 15:56:15 -0500 Norman Wilson <norman@oclsc.org> wrote:
> > >
> > > My longer-term reaction was to completely drop my sloppy
> > > old habit (common in those days not just in my code but in
> > > that of many others) of ignoring possible buffer overflows.
> > > I find it mind-boggling that people still make that mistake;
> > > it has been literal decades since the lesson was rubbed in
> > > our community's collective noses. I am very disappointed
> > > that programming education seems not to care enough about
> > > this sort of thing, even today.
> >
> > Unfortunately strcpy & other buffer overflow friendly
> > functions are still present in the C standard (I am looking at
> > n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?
>
> Someone needs to do Strcpy() etc that have the length in the
> first bytes[s] of the string.
> --
> ---
> Larry McVoy lm at mcvoy.com http://www.mcvoy.com/lm
--
() ascii ribbon campaign - for an 8-bit clean world
/\ - against html email - against proprietary attachments
On 11/12/2019 5:41 PM, Robert Clausecker wrote:
> Oh please no. One of the things we've hopefully all learned from Pascal
> is that length-prefixed strings suck because you can't perform anything
> useful without copying the entire string. Rob Pike and friends showed
> how to get strings and vectors right in the Go language where you have a
> builtin slice type which is essentially a structure
>
> struct slice(type) {
> type *data;
> size_t len, cap;
> };
And none of that stops some programmer from doing slice.cap=255 - or is
it read-only? ;)
On Tue, 12 Nov 2019, Bakul Shah wrote:
> Unfortunately strcpy & other buffer overflow friendly functions are
> still present in the C standard (I am looking at n2434.pdf, draft of
> Sept 25, 2019). Is C really not fixable?
No; POSIX requires all sorts of broken functions be present, otherwise it
is not compliant; heck, last I looked it even requires gets(). And let's
not even mention pointers... We are our own worst enemy.[*]
All is not lost, though; use strncpy() instead of strcpy() etc. These
days my first choice is Perl, despite it being bloated (I only use C if
it's trivial or I need the speed). I must look at Ruby, though...
[*]
Or if you were a Pogo fan, "We have met the enemy, and he is us".
-- Dave
On Tue, Nov 12, 2019 at 3:54 PM Dave Horsfall <dave@horsfall.org> wrote:

> On Tue, 12 Nov 2019, Bakul Shah wrote:
>
> > Unfortunately strcpy & other buffer overflow friendly functions are
> > still present in the C standard (I am looking at n2434.pdf, draft of
> > Sept 25, 2019). Is C really not fixable?
>
> No; POSIX requires all sorts of broken functions be present, otherwise it
> is not compliant; heck, last I looked it even requires gets().  And let's
> not even mention pointers...  We are our own worst enemy.[*]

POSIX can't even recognize that leap seconds exist :(

> All is not lost, though; use strncpy() instead of strcpy() etc.  These
> days my first choice is Perl, despite it being bloated (I only use C if
> it's trivial or I need the speed).  I must look at Ruby, though...

strncpy has two issues.  First, it doesn't guarantee NUL termination.
Second, it always writes N bytes.  It's for a fixed width data field,
not a variable length string whose buffer size is known.  strlcpy is
much better, but still has some issues...

Warner
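To make that comparison concrete, here is a minimal sketch of a copy with
strlcpy-like behaviour (an illustration only, not the actual BSD strlcpy):
it always NUL-terminates when the buffer is non-empty, never writes past
the buffer, and returns the source length so the caller can detect
truncation.

	#include <stddef.h>

	/* Copy src into dst (at most dstsize bytes, always NUL-terminated
	 * when dstsize > 0).  Returns strlen(src); a return value >= dstsize
	 * means the result was truncated. */
	size_t
	my_strlcpy(char *dst, const char *src, size_t dstsize)
	{
		size_t srclen = 0;

		while (src[srclen] != '\0')
			srclen++;

		if (dstsize > 0) {
			size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
			size_t i;

			for (i = 0; i < n; i++)
				dst[i] = src[i];
			dst[n] = '\0';
		}
		return srclen;
	}

Compare strncpy(dst, src, n), which will happily leave dst unterminated
when the source is too long, and pads the remainder of dst with NULs when
it is shorter.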
On 11/12/2019 6:22 PM, Warner Losh wrote:
> strncpy has two issues. First, it doesn't guarantee NUL termination.
> Second, it always writes N bytes. It's for a fixed width data field,
> not a variable length string whose buffer size is known. strlcpy is
> much better, but still has some issues...
Maybe he meant strcpy_s()
Robert Clausecker writes:

> Oh please no.  One of the things we've hopefully all learned from Pascal
> is that length-prefixed strings suck because you can't perform anything
> useful without copying the entire string.  Rob Pike and friends showed
> how to get strings and vectors right in the Go language where you have a
> builtin slice type which is essentially a structure
> [...]
> Overall, much more versatile than Pascal strings.

OK, been biting my tongue here.

I, for one, appreciate the fact that it's still legal to purchase and use
power tools.  I like being able to use my chainsaw to cut up a tree
without having to measure it first.  And I don't have a variety of tree
here that contains its length at the base.  Sure, things can go wrong; I
have a scar on one leg to prove it.  But that just shows that I need to be
more careful, not that I need to try logging with a safety razor.

C strings were great at the time, and are still great, especially in very
small systems.  Go may be nicer in larger systems but I probably wouldn't
want the overhead in a small embedded system.  The length at the start of
a string has its issues too; do you want to consume 8 bytes at the start
of each string on a 64-bit machine, or have strings that can support
different lengths and have to deal with converting between them?

Programming isn't a good place for careless people.  I recognize that what
passes for "software technology" these days is coming up with mechanisms
that minimize the damage that can be done by unskilled people.  But it's
never gonna work.  Sure, you can replace pointer problems with reference
problems and so on, but that doesn't really solve anything.

So let's not rehash our favorite arguments about strings until Warren
shuts down the discussion.  Use that energy to get out there and teach
people to be better and more careful programmers.

Jon
On Tue, Nov 12, 2019 at 11:41:51PM +0100, Robert Clausecker wrote:
> Oh please no.  One of the things we've hopefully all learned from Pascal
> is that length-prefixed strings suck because you can't perform anything
> useful without copying the entire string.  Rob Pike and friends showed
> how to get strings and vectors right in the Go language where you have a
> builtin slice type which is essentially a structure
>
> 	struct slice(type) {
> 		type	*data;
> 		size_t	 len, cap;
> 	};
>
> where data points to a buffer, len is the length of meaningful data in
> that buffer and cap is the total buffer size.

We did something similar in BitKeeper but we added a spicy little twist.
We encoded len and cap in one word by making cap increase in powers of 2
only (which means you need log(n) bits for cap).  So it was a data
structure that scaled both up and down.  We used it everywhere in
BitKeeper; it was super handy.

http://repos.bkbits.net/bk/dev/src/libc/utils/lines.c?PAGE=anno&REV=56cf7e34BTkDFx47E54DPNG51B2uCA
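Sketching my reading of that twist in C (illustrative only; the field
widths here are arbitrary and the real code in lines.c above may differ):
because cap is always a power of two, only log2(cap) needs storing, so len
and cap fit in a single word.

	#include <stdint.h>

	/*
	 * Pack a slice header into one 32-bit word: the low 27 bits hold
	 * the length, the top 5 bits hold log2(capacity).  Five bits are
	 * enough for any power-of-two capacity up to 2^31.
	 */
	#define LEN_BITS	27
	#define LEN_MASK	((1u << LEN_BITS) - 1)

	static inline uint32_t
	pack(uint32_t len, uint32_t log2cap)
	{
		return (log2cap << LEN_BITS) | (len & LEN_MASK);
	}

	static inline uint32_t
	get_len(uint32_t w) { return w & LEN_MASK; }

	static inline uint32_t
	get_cap(uint32_t w) { return 1u << (w >> LEN_BITS); }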
On Tue, Nov 12, 2019 at 03:45:23PM -0800, Jon Steinhart wrote:
> So let's not rehash our favorite arguments about strings until Warren
> shuts down the discussion. Use that energy to get out there and teach
> people to be better and more careful programmers.
I agree on both points, and it's a good time to ask for discussion on
strings and worms to be moved over to the COFF list!
Thanks, Warren
On 11/12/2019 6:45 PM, Jon Steinhart wrote:
> Use that energy to get out there and teach
> people to be better and more careful programmers.
If I was religious, you'd get an "Amen, brother!".
But since I'm not, a simple "exactly" will suffice ;)
ak
Norman Wilson <norman@oclsc.org> wrote:
> I am very disappointed that programming education seems not to care
> enough about this sort of thing, even today.
I think this is the key. Universities focus (too much?) on the theory
and not enough on the practice, and "learn how to program" courses
and books focus on the mechanics (syntax, semantics) and not enough
(or at all) on the practicum of writing code well.
We continue to rely on the school of hard knocks, and we continue
to pay for this reliance.
I also think there's a sliding scale. The fancier or higher-end
the university, the more the focus on theory, and vice versa. Sigh.
Arnold
arnold@skeeve.com writes:
> Norman Wilson <norman@oclsc.org> wrote:
>
> > I am very disappointed that programming education seems not to care
> > enough about this sort of thing, even today.
>
> I think this is the key. Universities focus (too much?) on the theory
> and not enough on the practice, and "learn how to program" courses
> and books focus on the mechanics (syntax, semantics) and not enough
> (or at all) on the practicum of writing code well.
>
> We continue to rely on the school of hard knocks, and we continue
> to pay for this reliance.
>
> I also think there's a sliding scale. The fancier or higher-end
> the university, the more the focus on theory, and vice versa. Sigh.
>
> Arnold
OK, this is a bit of a tangential topic for this list. But, what's the
point of obsessing on UNIX history unless it's coupled with some effort
to communicate the philosophy to a new generation of programmers?
This has been a real concern of mine for a while. As a friend of mine
put it, processors are getting so cheap that pretty soon we won't be
able to purchase pencils that don't contain them. This puts us all
at the mercy of not-great programmers. And of course, it's not just
pencils, it's stuff like airplanes too.
In my opinion, the root of the problem is that programming today is
being taught in the abstract - as if programs don't run on computers.
Programming today is taught as if it consists of importing libraries
and gluing function calls together.
I recently visited my daughter's college and attended a number of CS
related presentations.  I was surprised that CS is taught in Java with
some advanced work in Python. One can almost get a CS degree there
without ever using a compiler much less learning how computers function.
To be fair, other schools such as Dartmouth where Doug hangs out have
a better curriculum.
At the K-12 level, the stage is set by a combination of the "everybody
must learn to code" curriculum with "no child left behind". School
administrators dispense with any critical thinking about the value of
the curriculum in order to chase grant dollars.
I used to be able to get into my local schools to volunteer-teach
programming. But, the learn to code curriculum has eclipsed that;
schools are led to believe that they're teaching the right stuff
(because Bill Gates says so) and aren't interested in anything else.
I recently turned my course notes into a book as an attempt to make
some small difference. Too soon to tell if it will.
Anyway, my question for you all is, how do we as seasoned practitioners
leverage our experience to contribute to the state of the art? Any of
you found a way to pass on your knowledge?
BTW, I'm doing my first messing around with the Linux kernel these days;
if anyone knows the guts of the generic filesystem code I could use a bit
of help. Here's something that I came across on the way in <sys/mount.h>:
enum
{
	MS_RDONLY = 1,		/* Mount read-only.  */
#define MS_RDONLY	MS_RDONLY
	MS_NOSUID = 2,		/* Ignore suid and sgid bits.  */
#define MS_NOSUID	MS_NOSUID
	MS_NODEV = 4,		/* Disallow access to device special files.  */
#define MS_NODEV	MS_NODEV
	...
};
Can anyone explain the value of this programming style? Is this just an
example of the result of how programming is taught today?
Happy to discuss this off-list.
Jon
> OK, this is a bit of a tangential topic for this list.  But, what's the
> point of obsessing on UNIX history unless it's coupled with some effort
> to communicate the philosophy to a new generation of programmers?

100 times this.

A few hypotheses for why colleges teach "theoretical programming" (i.e.
Computer Science):

- Universities, especially at the undergraduate level, have a mission to
  teach students how to think, not how to do.  This leads to more theory
  and less practice.

- Universities are top-down institutions with lecturers.  Theory is easier
  to teach in a top-down institution than practical advice.

- Software engineering is evolving so quickly, it would be hard to put
  together a software engineering program which had economic value.  CMU
  has an MS in Software Engineering, but their curriculum is vague so it's
  hard to tell what they do.  If anybody here has taken it I'd love to
  hear what you thought of it.

- A lot of good work needs to be done that doesn't require breaking the
  JVM, Python, or JS abstraction layer.  Cycles are cheap.  Memory is
  cheap.  And not all programs have latency or uptime requirements.  UNIX
  culture of course was lightyears ahead of knowing this and economized
  for the most expensive resource of all: developer time.

To bring this back to TUHS, how did (and do) UNIX developers teach the
UNIX way?  As someone younger than Linux, I was only lucky enough to read
The Art Of Unix Programming by ESR and read Kernighan's books.

Tyler

On Wed, Nov 13, 2019 at 8:03 PM Jon Steinhart <jon@fourwinds.com> wrote:

> OK, this is a bit of a tangential topic for this list.  But, what's the
> point of obsessing on UNIX history unless it's coupled with some effort
> to communicate the philosophy to a new generation of programmers?
> [...]
>
> BTW, I'm doing my first messing around with the Linux kernel these days;
> if anyone knows the guts of the generic filesystem code I could use a bit
> of help. Here's something that I came across on the way in <sys/mount.h>:
>
> enum
> {
> MS_RDONLY = 1, /* Mount read-only. */
> #define MS_RDONLY MS_RDONLY
> MS_NOSUID = 2, /* Ignore suid and sgid bits. */
> #define MS_NOSUID MS_NOSUID
> MS_NODEV = 4, /* Disallow access to device special files. */
> #define MS_NODEV MS_NODEV
> ...
> };
>
> Can anyone explain the value of this programming style? Is this just an
> example of the result of how programming is taught today?
>
>
This really is more a C question than a UNIX one. The problem is that
the preprocessor macros are really kind of a kludge. Making things
either enums (or in later C/C++ const int definitions) is a lot cleaner.
The #define is probably just a backwards-compatibility kludge (for people
using things like MS_RDONLY or whatever in other macros).
On Wed, Nov 13, 2019, 12:15 PM <ron@ronnatalie.com> wrote:

> This really is more a C question than a UNIX one.  The problem is that
> the preprocessor macros are really kind of a kludge.  Making things
> either enums (or in later C/C++ const int definitions) is a lot cleaner.
> The #define is probably just a backwards-compatibility kludge (for people
> using things like MS_RDONLY or whatever in other macros).

It lets the users of these interfaces test for them conditionally with
#ifdef.  A pure enum interface doesn't let you do that.  This makes it
harder to write portable code that is driven directly by what is defined.

While it seems purer to use enum, it is problematic.  C++ doesn't let you
use it for bit fields due to special rules around enums that aren't there
to get in the way in C.

Conditional code is important, as is providing enough compat scaffolding
when sharing code between many systems, or when different compilers are
used.  Macro processing accomplishes this rather well, though not without
other issues.  In an ideal world, you could put other constructs into the
language to accomplish these goals...  but none have been good enough to
gain any traction at all.

Warner
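A hypothetical consumer makes the point concrete; this is not from any
real project, it just shows the compile-time probing that the self-#define
enables and that a bare enum would not:

	#include <sys/mount.h>

	static unsigned long
	default_mount_flags(void)
	{
		unsigned long flags = 0;

	#ifdef MS_RDONLY	/* visible to the preprocessor only via the self-#define */
		flags |= MS_RDONLY;
	#endif
	#ifdef MS_NODEV		/* a header that lacks the flag simply drops this code */
		flags |= MS_NODEV;
	#endif
		return flags;
	}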
On 11/13/19 1:02 PM, Jon Steinhart wrote:

> At the K-12 level, the stage is set by a combination of the "everybody
> must learn to code" curriculum with "no child left behind".  School
> administrators dispense with any critical thinking about the value of
> the curriculum in order to chase grant dollars.

In my experience as a school board member, it's not grant dollars so much
as the amount of control the state exerts over the curriculum.  The state
dictates the material and content that is taught.  For AP classes, like
AP computer science, the College Board creates the courses and decides
what material is included.  And in most cases, especially AP classes and
core classes where there are end-of-course proficiency requirements, the
material on those standardized tests dictates how the course is taught.

This is off-topic at this point.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/
FYI.

----- Forwarded message from Linus Torvalds <torvalds@linux-foundation.org> -----

Date: Wed, 13 Nov 2019 12:37:50 -0800
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Larry McVoy <lm@mcvoy.com>
Subject: Re: enum style?

On Wed, Nov 13, 2019 at 10:28 AM Larry McVoy <lm@mcvoy.com> wrote:
>
> and asked what was the point of the #defines.  I couldn't answer, the
> only thing I can think of is so you can say
>
>	int flags = MS_RDONLY;
>
> Which is cool, but why bother with the enum?

For the kernel we actually have this special "type-safe enum" checker
thing, which warns about assigning one enum type to another.

It's not really C, but it's close.  It's the same tool we use for some
other kernel-specific type checking (user pointers vs kernel pointers
etc): 'sparse'.

    http://man7.org/linux/man-pages/man1/sparse.1.html

and in particular the "-Wenum-mismatch" flag to enable that warning when
you assign an enum to another enum.

It's quite useful for verifying that you pass the right kind of enum to
functions etc - which is a really easy mistake to make in C, since they
all just devolve into 'int' when they are used.

However, we don't use it for the MS_xyz flags: those are just plain
#defines in the kernel.  But maybe somebody at some point wanted to do
something similar for the ones you point at?

The only other reason I can think of is that somebody really wanted to
use an enum for namespace reasons, and then noticed that other people had
used a #define and used "#ifdef XYZ" to check whether it was available,
and then instead of changing the enums to #defines, they just added the
self-defines.

In the kernel we do that "use #define for discoverability" quite a lot,
particularly with architecture-specific helper functions.  So you might
have

    static inline some_arch_fn(..) ...
    #define some_arch_fn some_arch_fn

in an architecture file, and then in generic code we have

    #ifndef some_arch_fn
    static inline some_arch_fn(..) /* generic implementation goes here */
    #endif

as a way to avoid extra configuration variables for the "do I have a
special version of X?" question.

There's no way to ask "is the C symbol X available in this scope", so
using the pre-processor for that is as close as you can get.

            Linus

----- End forwarded message -----
--
---
Larry McVoy            lm at mcvoy.com            http://www.mcvoy.com/lm
On Wed, Nov 13, 2019 at 1:03 PM Jon Steinhart <jon@fourwinds.com> wrote:

> Programming today is taught as if it consists of importing libraries
> and gluing function calls together.

To be fair, this is basically what modern software development in
enterprise settings is.  Thing is, you don't need a CS degree for that;
it's a completely artificial barrier to entry.  You need an
apprenticeship.  That's even kind of acknowledged, in that by your third
job, no one cares where or if you went to school or what for.

> Anyway, my question for you all is, how do we as seasoned practitioners
> leverage our experience to contribute to the state of the art?  Any of
> you found a way to pass on your knowledge?

Find someone who's interested and talk to them?  I mean, that's kinda
what this list is, right?

The other part: it's historically been a crap shoot whether the CS
department at any given place came out of EE, in which case it was the
bottom-up here's a transistor, and here's a flip-flop, and, look, logic
gates!  Adders!  Et cetera, or it came out of the math department and is
a theory-heavy specialization of some very particular parts of discrete
mathematics and combinatorics.
On Fri, Nov 15, 2019 at 05:49:29PM -0500, Adam Thornton wrote:
>
> The other part: it’s historically been a crap shoot whether the CS
> department at any given place came out of EE, in which case it was the
> bottom-up here’s a transistor, and here’s a flip-flop, and, look, logic
> gates! Adders! Et cetera, or it came out of the math department and is a
> theory-heavy specialization of some very particular parts of discrete
> mathematics and combinatorics.
And neither of these necessarily means that a person with CS
undergraduate degree will necessarily have a strong OS / Systems
background. I remember running out of undergraduate CS classes at
MIT, so I started taking the graduate level classes --- and was
astounded when a first year graduate student raised their hand and
asked, "What's Virtual Memory"? Turns out she came from a highly
math-centric program, and it was simply never covered --- which is why
the first level intro CS class, even at the graduate level, couldn't
make any assumptions about what admitted graduate students might have
as their background.
On the flip side, I remember talking to someone who had their CS
undergraduate program from the UK, and he was astounded that we didn't
cover type functions and type theory as part of MIT's undergraduate CS
program. (It's covered in a graduate level class, and most undergrads
wouldn't have taken it.)
So the fundamental issue is there is no real consensus about what must
be in a CS undergraduate degree program.  One of my favorite interview
questions used to require, as part of the answer, implementing the
moral equivalent of itoa().  What floored me was how
many interviewees with a 4 year CS degree program under their belt
foundered on what was supposed to be the warmup, "just checking to
make sure you know how to program" part of the problem.
- Ted
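For the record, one reasonable answer to that warmup, sketched here purely
for illustration (certainly not the one specific answer an interviewer
would be looking for):

	#include <stdio.h>

	/* Convert v to decimal in buf, which must hold at least 12 bytes
	 * for a 32-bit int (sign, 10 digits, NUL).  Returns buf. */
	char *
	my_itoa(int v, char *buf)
	{
		char	tmp[12];
		int	i = 0, j = 0;
		unsigned u = (v < 0) ? -(unsigned)v : (unsigned)v;

		do {
			tmp[i++] = '0' + u % 10;
			u /= 10;
		} while (u > 0);

		if (v < 0)
			buf[j++] = '-';
		while (i > 0)
			buf[j++] = tmp[--i];
		buf[j] = '\0';
		return buf;
	}

	int
	main(void)
	{
		char buf[12];

		printf("%s\n", my_itoa(-2147483647 - 1, buf));	/* prints -2147483648 */
		return 0;
	}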
On Tue, 19 Nov 2019, Tony Finch wrote:
> Amusingly POSIX says the C standard takes precedence wrt the details of
> gets() (and other library functions) and C18 abolished gets(). I'm
> slightly surprised that the POSIX committee didn't see that coming and
> include the change in the 2018 edition...
Didn't know that gets() had finally been abolished; it's possibly the most
unsafe function (OK, macro) on the planet. I've long been tempted to
remove gets() and see what breaks...
-- Dave
On Thu, Nov 21, 2019 at 1:02 PM Dave Horsfall <dave@horsfall.org> wrote:

> On Tue, 19 Nov 2019, Tony Finch wrote:
>
> > Amusingly POSIX says the C standard takes precedence wrt the details of
> > gets() (and other library functions) and C18 abolished gets(). I'm
> > slightly surprised that the POSIX committee didn't see that coming and
> > include the change in the 2018 edition...
>
> Didn't know that gets() had finally been abolished; it's possibly the
> most unsafe function (OK, macro) on the planet.  I've long been tempted
> to remove gets() and see what breaks...

A few things actually broke when FreeBSD removed it.  Apart from
'wrappers' that needed it for various reasons, it was only a few programs
in our 'ports' package that needed to be corrected.

Most people have moved on with the 20 years of warnings when it was
used...  Sadly only most...

Warner
On Thu, Nov 21, 2019 at 3:39 PM Warner Losh <imp@bsdimp.com> wrote:

> A few things actually broke when FreeBSD removed it.  Apart from
> 'wrappers' that needed it for various reasons, it was only a few
> programs in our 'ports' package that needed to be corrected.
>
> Most people have moved on with the 20 years of warnings when it was
> used...  Sadly only most...

That is encouraging to hear.
Dave Horsfall wrote in
 <alpine.BSF.2.21.9999.1911220658250.33542@aneurin.horsfall.org>:

|On Tue, 19 Nov 2019, Tony Finch wrote:
|> Amusingly POSIX says the C standard takes precedence wrt the details of
|> gets() (and other library functions) and C18 abolished gets(). I'm
|> slightly surprised that the POSIX committee didn't see that coming and
|> include the change in the 2018 edition...

This week (on the 19th, to be exact) Geoff Clare made official the desire
to align a forthcoming POSIX Issue 8 with ISO C17.  Current POSIX
(1003.1(2016)/Issue7+TC2) still aligns with C99.  And, compared to C99,
the POSIX wording causes sympathy:

  37021 APPLICATION USAGE
  37022   Reading a line that overflows the array pointed to by s results in undefined behavior. The use of
  37023   fgets( ) is recommended.
  37024   Since the user cannot specify the length of the buffer passed to gets( ), use of this function is
  37025   discouraged. The length of the string read is unlimited. It is possible to overflow this buffer in
  37026   such a way as to cause applications to fail, or possible system security violations.
  37027   Applications should use the fgets( ) function instead of the obsolescent gets( ) function.
  37028 RATIONALE
  37029   The standard developers decided to mark the gets( ) function as obsolescent even though it is in
  37030   the ISO C standard due to the possibility of buffer overflow.
  37031 FUTURE DIRECTIONS
  37032   The gets( ) function may be removed in a future version.

|Didn't know that gets() had finally been abolished; it's possibly the most
|unsafe function (OK, macro) on the planet.  I've long been tempted to
|remove gets() and see what breaks...

It seems to have been removed in C 2011, except that gets_s() is still
present in the C 2017 draft that I have.  (I have never used any of the
_s() functions.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
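And since both POSIX and the C committee point at fgets(), the usual
minimal replacement pattern looks something like this (a sketch only; the
helper name is made up):

	#include <stdio.h>
	#include <string.h>

	/* Read one line into buf (at most size-1 characters), stripping
	 * the trailing newline if present.  Returns buf, or NULL on
	 * EOF/error -- which is how a safe gets() replacement usually
	 * looks. */
	char *
	read_line(char *buf, int size, FILE *fp)
	{
		if (fgets(buf, size, fp) == NULL)
			return NULL;
		buf[strcspn(buf, "\n")] = '\0';
		return buf;
	}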
On Thu, 21 Nov 2019, Warner Losh wrote:

> A few things actually broke when FreeBSD removed it.  Apart from
> 'wrappers' that needed it for various reasons, it was only a few
> programs in our 'ports' package that needed to be corrected.

FreeBSD prints a stern warning (both at compilation and execution) if you
use it; I quickly fixed all my programs when I saw them :-)

> Most people have moved on with the 20 years of warnings when it was
> used...  Sadly only most...

Yep :-(

-- Dave